From 4991d6065672467d909f16db0d158611e2ccc127 Mon Sep 17 00:00:00 2001
From: Aaron Schulz
Date: Wed, 21 Oct 2015 21:52:52 -0700
Subject: [PATCH] Provide some default $wgRateLimits values

* This provides some minimal out-of-the-box protection.
* These mostly are the values used by WMF in mediawiki-config

Change-Id: Ie510ca9314e151f9c0ad0705d096fe2bb749a59d
---
 includes/DefaultSettings.php | 119 ++++++++++++++++++-----------------
 1 file changed, 62 insertions(+), 57 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 71fe83d419..88f7c18cee 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -5202,80 +5202,85 @@ $wgApplyIpBlocksToXff = false;
 * @par Example:
 * To set a generic maximum of 4 hits in 60 seconds:
 * @code
- * $wgRateLimits = array( 4, 60 );
+ * $wgRateLimits = array( 4, 60 );
 * @endcode
 *
- * You could also limit per action and then type of users. See the inline
- * code for a template to use.
- *
- * This option set is experimental and likely to change.
+ * @par Example:
+ * You could also limit per action and then type of users.
+ * @code
+ * $wgRateLimits = array(
+ * 'edit' => array(
+ * 'anon' => array( x, y ), // any and all anonymous edits (aggregate)
+ * 'user' => array( x, y ), // each logged-in user
+ * 'newbie' => array( x, y ), // each new autoconfirmed accounts; overrides 'user'
+ * 'ip' => array( x, y ), // each anon and recent account
+ * 'subnet' => array( x, y ), // ... within a /24 subnet in IPv4 or /64 in IPv6
+ * )
+ * )
+ * @endcode
 *
- * @warning Requires memcached.
+ * @warning Requires that $wgMainCacheType is set to something persistent
 */
 $wgRateLimits = array(
+ // Page edits
 'edit' => array(
- 'anon' => null, // for any and all anonymous edits (aggregate)
- 'user' => null, // for each logged-in user
- 'newbie' => null, // for each recent (autoconfirmed) account; overrides 'user'
- 'ip' => null, // for each anon and recent account
- 'subnet' => null, // ... within a /24 subnet in IPv4 or /64 in IPv6
+ 'ip' => array( 8, 60 ),
+ 'newbie' => array( 8, 60 ),
+ ),
+ // Page moves
+ 'move' => array(
+ 'newbie' => array( 2, 120 ),
+ 'user' => array( 8, 60 ),
 ),
+ // File uploads
 'upload' => array(
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ 'ip' => array( 8, 60 ),
+ 'newbie' => array( 8, 60 ),
 ),
- 'move' => array(
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Page rollbacks
+ 'rollback' => array(
+ 'user' => array( 10, 60 ),
+ 'newbie' => array( 5, 120 )
 ),
- 'mailpassword' => array( // triggering password resets emails
- 'anon' => null,
+ // Triggering password resets emails
+ 'mailpassword' => array(
+ 'ip' => array( 5, 3600 ),
 ),
- 'emailuser' => array( // emailing other users using MediaWiki
- 'user' => null,
+ // Emailing other users using MediaWiki
+ 'emailuser' => array(
+ 'ip' => array( 5, 86400 ),
+ 'newbie' => array( 5, 86400 ),
+ 'user' => array( 20, 86400 ),
 ),
- 'linkpurge' => array( // purges of link tables
- 'anon' => null,
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Purging pages
+ 'purge' => array(
+ 'ip' => array( 30, 60 ),
+ 'user' => array( 30, 60 ),
 ),
- 'renderfile' => array( // files rendered via thumb.php or thumb_handler.php
- 'anon' => null,
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Purges of link tables
+ 'linkpurge' => array(
+ 'ip' => array( 30, 60 ),
+ 'user' => array( 30, 60 ),
 ),
- 'renderfile-nonstandard' => array( // same as above but for non-standard thumbnails
- 'anon' => null,
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Files rendered via thumb.php or thumb_handler.php
+ 'renderfile' => array(
+ 'ip' => array( 700, 30 ),
+ 'user' => array( 700, 30 ),
 ),
- 'stashedit' => array( // stashing edits into cache before save
- 'anon' => null,
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Same as above but for non-standard thumbnails
+ 'renderfile-nonstandard' => array(
+ 'ip' => array( 70, 30 ),
+ 'user' => array( 70, 30 ),
 ),
- 'changetag' => array( // adding or removing change tags
- 'user' => null,
- 'newbie' => null,
+ // Stashing edits into cache before save
+ 'stashedit' => array(
+ 'ip' => array( 30, 60 ),
+ 'newbie' => array( 30, 60 ),
 ),
- 'purge' => array( // purging pages
- 'anon' => null,
- 'user' => null,
- 'newbie' => null,
- 'ip' => null,
- 'subnet' => null,
+ // Adding or removing change tags
+ 'changetag' => array(
+ 'ip' => array( 8, 60 ),
+ 'newbie' => array( 8, 60 ),
 ),
 );

--
2.20.1
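Review bot: The defaults added to `$wgRateLimits` only take effect under the condition in the updated `@warning` (a persistent `$wgMainCacheType`), so whether a fresh install actually gets the "out-of-the-box protection" from the commit message depends on that setting's default, which is not visible in this hunk. I would extend the warning to say what happens otherwise, along the lines of `* @warning Requires that $wgMainCacheType is set to something persistent; with a non-persistent cache these limits are not applied` (wording to be confirmed against the limiter code, which is also outside this hunk). Separately, none of the shipped defaults uses the `'subnet'` bucket that the doc example lists, so `'mailpassword'` and `'emailuser'` are limited per single address only; a per-subnet entry for those two actions seems worth considering. The doc comment for `$wgRateLimits` begins above the hunk.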